Setting up gitolite on a Linux server to control access to the repositories of a git server
1. Environment:
1.1 Git account management machine (manage)
IP: 10.0.0.56
[[email protected] ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[[email protected] ~]# hostname
manage
[[email protected] ~]# tail -2 /etc/hosts
10.0.0.56 manage
10.0.0.11 git-server
1.2 Git remote repository host (git-server)
Git remote repository IP: 10.0.0.11
[[email protected] ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[[email protected] ~]# hostname
git-server
[[email protected] ~]# tail -2 /etc/hosts
10.0.0.11 git-server
10.0.0.56 server
2. Installation and deployment
2.1 On the git account management machine (10.0.0.56):
2.1.1 Install git
[[email protected] ~]# yum install git -y
2.1.2 Create the public and private keys
The git account administrator needs to create an SSH public/private key pair on their own machine (10.0.0.56).
ssh-keygen -f ~/.ssh/git-admin
[[email protected] ~]# ll .ssh/
git-admin git-admin.pub known_hosts
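2.1.3 Configure the config file
To make management easier and to avoid confusion with other key pairs, first configure the SSH client file ~/.ssh/config.
By creating a host alias, you can have a specific key used when connecting to that host. For example, the following configuration in ~/.ssh/config: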
[[email protected] ~]# cat .ssh/config
host git-server
user git
hostname 10.0.0.11
port 22
identityfile ~/.ssh/git-admin
Copy the public key from the administrator machine (10.0.0.56) to the git-server (10.0.0.11) server:
[[email protected] ~]# scp .ssh/git-admin.pub git-server:/tmp/
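Notes:
Note 1. sshd on the git-server machine must listen on port 22; otherwise, when you set up passwordless key-based git pushes, the push will fail.
Note 2. The /root/.ssh/config file on the git account management machine manage (10.0.0.56) must have permissions 600; otherwise, when you add the public key later, an error is reported saying the permissions are not allowed.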
[[email protected] ~]# ll /root/.ssh/config
-rw-rw-r-- 1 root root 99 Mar 29 11:28 /root/.ssh/config
[[email protected] ~]# chmod 600 /root/.ssh/config
[[email protected] ~]# ll /root/.ssh/config
-rw------- 1 root root 99 Mar 29 11:28 /root/.ssh/config
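2.2 On the git-server remote repository machine:
On the git-server remote repository machine (IP: 10.0.0.11), install gitolite to manage the git repository accounts.
Install git on the git-server remote repository machine.
Reference: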
http://blog.sina.com.cn/s/blog_4b5039210102e3r3.html
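Explanation:
Gitolite is itself a git repository. After installing it on the git-server machine, clone the repository from the server onto the client-side manage machine, make changes locally, and push them back to the server; hooks on the server side update the permissions according to the pushed configuration.
On git-server:
2.2.1 Create the git user on the git-server machine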
useradd git
passwd git
123456
2.2.2 Install git and download gitolite on git-server
Download the gitolite package in the git user's home directory:
[[email protected] ~]# yum install git -y
[[email protected] ~]# su - git
[[email protected] ~]$ git clone https://github.com/sitaramc/gitolite
Initialized empty Git repository in /home/git/gitolite/.git/
remote: Counting objects: 9385, done.
remote: Total 9385 (delta 0), reused 0 (delta 0), pack-reused 9385
Receiving objects: 100% (9385/9385), 2.96 MiB | 95 KiB/s, done.
Resolving deltas: 100% (5805/5805), done.
2.2.3 Install gitolite
[[email protected] ~]$ mkdir bin
[[email protected] ~]$ gitolite/install -to $HOME/bin
[[email protected] ~]$ ls
bin gitolite
[[email protected] ~]$ cd bin
[[email protected] bin]$ ls
commands gitolite gitolite-shell lib syntactic-sugar triggers VERSION VREF
This creates a gitolite executable under bin.
The git-admin.pub public key must first be copied from the 10.0.0.56 machine to the git-server machine (10.0.0.11):
[[email protected] ~]# scp .ssh/git-admin.pub git-server:/tmp/git-admin.pub
[[email protected] bin]$ gitolite setup -pk /tmp/git-admin.pub
[[email protected] ~]$ cd bin/
[[email protected] bin]$ ls
gitolite
[[email protected] bin]$ gitolite setup -pk /tmp/git-admin.pub
Initialized empty Git repository in /home/git/repositories/gitolite-admin.git/
Initialized empty Git repository in /home/git/repositories/testing.git/
WARNING: /home/git/.ssh missing; creating a new one
(this is normal on a brand new install)
WARNING: /home/git/.ssh/authorized_keys missing; creating a new one
(this is normal on a brand new install)
[[email protected] bin]$
This command creates two repositories in your ~/repositories/ directory: gitolite-admin.git and testing.git
[[email protected] ~]$ cd repositories/
[[email protected] repositories]$ ls
gitolite-admin.git testing.git
[[email protected] bin]$ ll /home/git/repositories/
total 8
drwx------ 8 git git 4096 Jul 23 15:53 gitolite-admin.git
drwx------ 7 git git 4096 Jul 23 15:53 testing.git
A projects.list file is created in the user's home directory; by default it contains one git project, testing.
[[email protected] ~]$ more projects.list
testing.git
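The gitolite installation is now complete!
2.3 Back on the manage machine:
Clone gitolite-admin from the git-server repository host onto the manage account management machine.
!!! Note:
The command must be: git clone git-server:gitolite-admin
and not: git clone git-server:/home/git/repositories/gitolite-admin
and certainly not: git clone git-server:gitolite-admin.git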
[[email protected] ~]# git clone git-server:gitolite-admin
An error is reported:
[[email protected] ~]# git clone git-server:gitolite-admin
Initialized empty Git repository in /root/gitolite-admin/.git/
Bad owner or permissions on /root/.ssh/config
fatal: The remote end hung up unexpectedly
The permissions are wrong; setting them to 600 as shown below fixes the problem:
[[email protected] ~]# ll /root/.ssh/config
-rw-rw-r-- 1 root root 99 Mar 29 11:28 /root/.ssh/config
[[email protected] ~]# chmod 600 /root/.ssh/config
[[email protected] ~]# git clone git-server:gitolite-admin
Initialized empty Git repository in /root/gitolite-admin/.git/
Warning: Permanently added '221.195.1.233' (RSA) to the list of known hosts.
remote: Counting objects: 6, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 6 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (6/6), done.
[[email protected] ~]# ll gitolite-admin/
total 8
drwxrwxr-x 2 root root 4096 Mar 29 12:00 conf
drwxrwxr-x 2 root root 4096 Mar 29 12:00 keydir
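After the clone there is a new directory, gitolite-admin, containing two folders: conf and keydir. The first holds the configuration file, which is where the permission settings are recorded; the second holds the public keys of all users.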
[[email protected] ~]# ll gitolite-admin/*
gitolite-admin/conf:
total 4
-rw-r--r-- 1 root root 77 Jul 22 15:10 gitolite.conf
gitolite-admin/keydir:
total 4
-rw-r--r-- 1 root root 393 Jul 22 15:10 git-admin.pub
[[email protected] ~]# cat gitolite-admin/conf/gitolite.conf
repo gitolite-admin
RW+ = admin
repo testing
RW+ = @all
First, only admin has read/write access to gitolite-admin; nobody else can read or write it.
The other repository, testing, can be accessed by everyone.
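An added example (not part of the original article) that checks a gitolite.conf for rules like the default testing one above, where @all receives a write permission. The group @devs, the users alice and bob, and the repo project1 in the constructed sample are hypothetical.

```shell
#!/bin/sh
# Added example: flag gitolite.conf rules that give @all a write permission.
# Prints "repo <names>: <perm> = @all" per finding; returns 0 if none.
lint_gitolite_conf() {
    conf=$1; repo=""; bad=0
    set -f                              # no globbing while word-splitting
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                # strip comments
        case $line in
            *=*) lhs=${line%%=*}; rhs=${line#*=} ;;
            *)   set -- $line
                 if [ "${1:-}" = repo ]; then shift; repo=$*; fi
                 continue ;;
        esac
        set -- $lhs; perm=${1:-}
        case $perm in RW*) ;; *) continue ;; esac   # R, "-" and groups: skip
        for user in $rhs; do
            if [ "$user" = "@all" ]; then
                echo "repo $repo: $perm = @all"; bad=$((bad + 1))
            fi
        done
    done < "$conf"
    set +f
    [ "$bad" -eq 0 ]
}

# Constructed sample: the page's two default rules plus a hypothetical
# project1 repo where writes are limited to a named group.
write_sample_conf() {
    cat > "$1" <<'EOF'
@devs = alice bob
repo gitolite-admin
    RW+     =   admin
repo testing
    RW+     =   @all
repo project1
    RW+     =   admin
    RW      =   @devs
    R       =   @all
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
lint_gitolite_conf "$sample" || echo "tighten the rules listed above"
rm -f "$sample"
```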
2.4 Place the manage machine's public key file git-admin.pub in the gitolite-admin/keydir directory, then commit it to the remote repository on git-server
[[email protected] ~]# git add conf/ keydir/
[[email protected] ~]# git status
[[email protected] ~]# git push
On the git-server remote repository machine, view the key file:
[[email protected] ~]$ cat /home/git/.ssh/authorized_keys
#gitolite start
command="/home/git/gitolite/src/gitolite-shell admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzXc/2BPDIZ/3PnoXhgVEyZLdF5oiE+UuumBeOxcR2FGoGUVEaSWYOZ2zWYIk5RCzKNWb3d9Ur51l7DpQunmCUlvf4lOZ7UT68jnhAF/NNN9a6upEHBls5hpFvVp+DmqOYuVuWs+FQhShPvp70QJfsx/+gg14rw9A1/jN5GdgrrStYorNEE1Ut8/T1t9tNxsIlfwgd6pQPKpWJ11sANWx9U+DfUEAN4a0bCiZ/PQ+9aR+SJ1Y+H68pt2+iy4I8UXuhtgSqYTu5YmxsJlF3uoHypF4lOTqgiP0HYr8FNZ3KWg2ome8fUOnO2VbNvgAXafhLEfBd5zxd6YChDHwfIclvQ== [email protected]
#gitolite end
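The forced command= and the no-* options in the entry above are what keep a key confined to gitolite-shell instead of a login shell. An added example (not from the original article) that audits an authorized_keys file for entries lacking them; the sample file and its key material are constructed placeholders, and dev1 is a hypothetical user.

```shell
#!/bin/sh
# Added example: audit a gitolite-managed authorized_keys file.
# Prints one finding per line; returns 0 only when nothing is flagged.
audit_gitolite_keys() {
    keys=$1; managed=0; n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            '#'*'gitolite start'*) managed=1; continue ;;
            '#'*'gitolite end'*)   managed=0; continue ;;
            ''|'#'*) continue ;;   # blank line or commented-out entry
        esac
        if [ "$managed" -eq 0 ]; then
            echo "line $n: key outside the gitolite section"
            bad=$((bad + 1)); continue
        fi
        # Options field = text before the key type (assumes the forced
        # command contains no " ssh-", " ecdsa-" or " sk-" substring).
        opts=${line%% ssh-*}; opts=${opts%% ecdsa-*}; opts=${opts%% sk-*}
        case $opts in
            'command="'*'gitolite-shell '*'"'*) ;;
            *) echo "line $n: no gitolite-shell forced command"
               bad=$((bad + 1)); continue ;;
        esac
        for o in no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty; do
            case ",$opts," in
                *",$o,"*) ;;
                *) echo "line $n: missing $o"; bad=$((bad + 1)) ;;
            esac
        done
    done < "$keys"
    [ "$bad" -eq 0 ]
}

# Constructed sample: placeholder key material, hypothetical user dev1.
write_sample() {
    cmd='command="/home/git/gitolite/src/gitolite-shell'
    cat > "$1" <<EOF
# gitolite start
$cmd admin",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAconstructed1 admin
$cmd dev1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAconstructed2 dev1
# gitolite end
ssh-rsa AAAAconstructed3 added-by-hand
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_gitolite_keys "$sample" || echo "review the findings above"
rm -f "$sample"
```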
You can now clone code from the remote repository on the manage machine without a password, using the key:
[[email protected] ~]# git clone git-server:gitolite-admin
Initialized empty Git repository in /tmp/gitolite-admin/.git/
remote: Counting objects: 16, done.
remote: Compressing objects: 100% (12/12), done.
remote: Total 16 (delta 2), reused 0 (delta 0)
Receiving objects: 100% (16/16), done.
Resolving deltas: 100% (2/2), done.
[[email protected] ~]# ll gitolite-admin
total 8
drwxrwxr-x 2 root root 4096 Mar 30 21:57 conf
drwxrwxr-x 2 root root 4096 Mar 30 21:57 keydir
If you comment out the contents of the file /home/git/.ssh/authorized_keys, you are prompted for a password when you clone, and even if you enter the password, cloning the remote repository still fails:
[[email protected] tmp]# git clone git-server:gitolite-admin
Initialized empty Git repository in /tmp/gitolite-admin/.git/
[email protected]'s password: 123456
fatal: 'gitolite-admin' does not appear to be a git repository
fatal: The remote end hung up unexpectedly